policy: close memoized policy filesystems#3943
Conversation
tonistiigi
left a comment
There was a problem hiding this comment.
I don't get this. The previous function does reference counting. The new one just closes directly, so should be unsafe for multiple users. I also don't see what is left using the previous function.
Yes this repro was not the right because it asserted an internal close callback and fails on Linux too. The actual user-visible failure is Windows-specific because the leaked policy root keeps the policy directory open. Here is a new repro: func TestLoadPolicyDataReleasesPolicyDir(t *testing.T) {
dir := t.TempDir()
require.NoError(t, os.WriteFile(filepath.Join(dir, "policy.rego"), []byte("package docker\n"), 0600))
provider := newPolicyPathFS(context.Background(), nil, policyOpt{
ContextDir: dir,
})
_, ok, err := loadPolicyData(provider, "policy.rego")
require.NoError(t, err)
require.True(t, ok)
require.NoError(t, os.RemoveAll(dir))
}On Windows without this PR, it fails with this output: The path is But your point about |
5febb34 to
0b92026
Compare
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
0b92026 to
d5c8b88
Compare
This fixes policy filesystem cleanup so a policy filesystem returned by
newPolicyPathFSreleases the backend roots it acquired during one logical use.On Windows, the old implementation can leave the policy context directory open after
loadPolicyDatasucceeds. This test reproduces the failure:The old implementation fails because Windows cannot remove the directory while the policy root is still open.
newPolicyPathFSnow returns a per-use wrapper around the shared policy path filesystem. That wrapper lazily acquires thecwdand context backends at most once, records the matching release functions, and closes only the backends acquired by that wrapper.loadPolicyDatacallsStatand thenReadFile, and both operations can resolve through the memoized backend filesystem. The old close path only released one memoized reference for the whole logical policy filesystem use, so the backend root could remain open.